Skip to main content

Preparation, Enforcement, and Comparison of Internationalized Strings Representing Usernames and Passwords
RFC 8265

Yes

(Ben Campbell)

No Objection

Alvaro Retana
(Alia Atlas)
(Alissa Cooper)
(Benoît Claise)
(Deborah Brungard)
(Mirja Kühlewind)
(Spencer Dawkins)
(Suresh Krishnan)
(Terry Manderson)

Recuse


Note: This ballot was opened for revision 08 and is now closed.

Alvaro Retana No Objection

Warren Kumari No Objection

Comment (2017-07-05 for -08)
Taking a page from Benoit's playbook, here is a diff from RFC7613: https://tools.ietf.org/tools/rfcdiff/rfcdiff.pyht?url1=https://tools.ietf.org/id/draft-ietf-precis-7613bis-08.txt&url2=https://tools.ietf.org/rfc/rfc7613.txt
(I feel really stupid for not realizing this earlier, but diff'ing a -bis from the base RFC is a: obvious and b: really useful for understanding which bits need more review)

(Adam Roach; former steering group member) Yes

Yes (2017-07-05 for -08)
Nit: The final paragraph of section 1 is missing a paren after "[RFC7622]".

Nit: Step 2 in section 4.2.2 cites RFC 4013 as text rather than the normal citation format of [RFC4013]

I have the same comment as I did on rfc7700bis regarding the implications of operation idempotence.

(Ben Campbell; former steering group member) Yes

Yes (for -08)

                            

(Alia Atlas; former steering group member) No Objection

No Objection (for -08)

                            

(Alissa Cooper; former steering group member) No Objection

No Objection (for -08)

                            

(Benoît Claise; former steering group member) No Objection

No Objection (for -08)

                            

(Deborah Brungard; former steering group member) No Objection

No Objection (for -08)

                            

(Eric Rescorla; former steering group member) No Objection

No Objection (2017-07-05 for -08)
I agree with jsalowey's point about discouraging raw password comparison. Can you do something about that?

The use of "false positive" is confusing because positive can either mean "accept" or "reject". I would use "false accept" or "false reject" or some other clearer term

(Mirja Kühlewind; former steering group member) No Objection

No Objection (for -08)

                            

(Spencer Dawkins; former steering group member) No Objection

No Objection (for -08)

                            

(Suresh Krishnan; former steering group member) No Objection

No Objection (for -08)

                            

(Terry Manderson; former steering group member) No Objection

No Objection (for -08)

                            

(Alexey Melnikov; former steering group member) Recuse

Recuse (2017-06-27 for -08)
I am a co-editor.